Title :
Scalable Long-term Network Forensics for Epidemic Attacks
Author :
Chen, Li Ming ; Chen, Meng Chang ; Sun, Yeali S. ; Hsiao, Shun-Wen ; Sekar, Vyas ; Zhang, Hui
Author_Institution :
Inst. of Inf. Sci., Acad. Sinica, Taipei, Taiwan
Abstract :
Network forensics supports capabilities such as attacker identification and attack reconstruction, which complement traditional intrusion detection and perimeter defense techniques in building a robust security mechanism. Attacker identification pinpoints the attack origin to deter future attackers, and attack reconstruction can reveal attack causality and network vulnerabilities. In this paper, we study the problem of investigating the origin of stealthy epidemic attacks, which may have a long lifespan. We propose a network forensics mechanism that is scalable in time and space while maintaining high accuracy in attack origin identification. We propose a data reduction method to filter out irrelevant data and retain only evidence relevant to potential attacks for postmortem investigation. Using real trace-driven experiments, we evaluate the performance of the proposed mechanism and show that we can achieve low false positive and false negative rates in data reduction and support high scalability and accuracy in long-term network forensics.
Keywords :
security of data; attacker identification; data reduction method; intrusion detection; network forensics mechanism; perimeter defense techniques; postmortem investigation; robust security mechanism; scalable long-term network forensics; stealthy epidemic attacks; Filters; Forensics; Information management; Information science; Internet; Intrusion detection; Performance analysis; Scalability; Sun; Telecommunication traffic;
Conference_Title :
Network and Service Security, 2009. N2S '09. International Conference on
Conference_Location :
Paris
Print_ISBN :
978-2-9532-4431-1